Intel Kernel Bug

[Deleted member 65]

Just checked my Dell desktop and the Intel program says it is not vulnerable, has already been patched. I did a BIOS update a few days ago so maybe that was it?

If your Dell has a 22nm CPU as my Dell has it's not on the affected CPU list.

 

[Deleted member 65]

Intels utility is only telling us half the truth i.e. does not check for CPU firmware update.
See below test I did using different utility recommending me to update my Dell Laptop BIOS whereas Intels utility says laptop is Not vulnerable.

Edit/Update: My conclusion is that regardless of Windows OS patch or not every PC not having the CPU microcode update is vulnerable since the MS OS patch is not enabled without the HW patch. So there we are, Intel's utility is lying to us!

 

[Sal1950]

Looks like you need the Intel MEI driver as it states.

Where does that come from, a bio's flash?

 

[amirm]

Where does that come from, a bio's flash?

No, it is an OS (software) driver. It interfaces with a small "secure" processor inside the CPU.

 

[amirm]

Intels utility is only telling us half the truth i.e. does not check for CPU firmware update.

I think the Intel utility is for something else! I say that because it came out a couple of months ago and the obscure text around what it does, does not refer to latest breaches. Intel did not admit to this problem until very recently so that tool/vulnerability must be for something else.

This is scary because that exposure is also serious yet none of us impacted have fixes for it! Sad that even big computer companies don't take security seriously. They are so spoiled just waiting for Microsoft to do the work for them. Now that it is their turn with hardware problems, they don't have the processes and systems in place to notify impacted people.

 

[Deleted member 65]

I think the Intel utility is for something else! I say that because it came out a couple of months ago and the obscure text around what it does, does not refer to latest breaches. Intel did not admit to this problem until very recently so that tool/vulnerability must be for something else.

This is scary because that exposure is also serious yet none of us impacted have fixes for it! Sad that even big computer companies don't take security seriously. They are so spoiled just waiting for Microsoft to do the work for them. Now that it is their turn with hardware problems, they don't have the processes and systems in place to notify impacted people.

PowerShell – Check For Meltdown and Spectre

This PS C:\WINDOWS\system32> Get-SpeculationControlSettings Windows 10 utility works unlike Intel's utility.

Instructions here how to get it: https://www.tweakhound.com/2018/01/05/powershell-check-meltdown-spectre/

 

[amirm]

Man that is one convoluted way to get you to where you want to go! Did you get through the install?

 

[Sal1950]

No, it is an OS (software) driver. It interfaces with a small "secure" processor inside the CPU.

Same answer in Win 10?

 

[Brad]

Using that power shell script above looks like it would open a whole slew of security holes

 

[amirm]

Same answer in Win 10?

Ah, I see the problem now. Your CPU is: Processor Name: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz. That is a much older CPU (Core 2) and doesn't have this security microprocessor in there to report anything. IN other words it is not compatible with your CPU.

 

[Sal1950]

Ah, I see the problem now. Your CPU is: Processor Name: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz. That is a much older CPU (Core 2) and doesn't have this security microprocessor in there to report anything. IN other words it is not compatible with your CPU.

OK thanks, guess I just won't worry about it for now.
This box I built in 2008 is still running fine and power wise is all the computer I need, still lightening fast to me, specially under linux.

 

[Deleted member 65]

Using that power shell script above looks like it would open a whole slew of security holes

It's not for everyone, authors are Microsoft Security Response Center. They're still on my list of trusted providers ... ;-)

 

[Deleted member 65]

Man that is one convoluted way to get you to where you want to go! Did you get through the install?

Yes, very straightforward installation, see my post #62 above.

(CVE-2017-5715) known as "Spectre". Fixed by MS patch together with CPU firmware update.

(CVE-2017-5754) known as "Meltdown". Fixed by MS patch, does not rely on CPU firmware update.

Below applies to me as well, bought my Intel i7-8700 a couple of months ago.

https://www.tweakhound.com/2018/01/05/dear-intel-corporation/

"Dear Intel Corporation,
You were informed of the flaws in your CPUs months ago. Specifically, Spectre on June 1st, and Meltdown on July 28th of last year.
In December of last year I spent $1,877.34 on a new computer system based on the i7-8700k CPU, a CPU you long knew to have a major security issue. You should have stopped CPU sales as soon as you knew how bad the security issue with your CPUs were.
You knowingly sold me a flawed product and you are responsible for not only that but the related purchases, the time wasted, the sleepless nights and anguish. So, you owe me $1,877.34 + $1000 for time wasted + $5000 for pain and suffering. Complete breakdown is available on request. I expect this to be paid promptly.
Thank you,
"​

 

[Deleted member 65]

Tool to check for Meltdown & Spectre vulnerability (works unlike Intel's biased tool):

https://www.grc.com/inspectre.htm

Performance benchmark after applying Spectre & Meltdown patches on Intel i7-8700K CPU (latest CPU generation):

Results

Intel claimed a 4% overall hit for my CPU in their PCMark 10benchmark tests. (They continue to act like that is acceptable.)
My results:
A loss of 4.9% overall, with a high of 7.9% in Productivity.

Frequent reboots/System crash

The models that may experience this behavior have expanded to Broadwell, Haswell, Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake. That is basically everything in the last 7 years.

 

[CuteStudio]

Frequent reboots/System crash

Ooh err, that doesn't sound good.

 

[Deleted member 65]

Ooh err, that doesn't sound good.

That's an understatement ... ;-)

I'd recommend to apply the MS Meltdown patch & not apply the Spectre CPU microcode patch as of now.

 

[amirm]

Tool to check for Meltdown & Spectre vulnerability (works unlike Intel's biased tool):

https://www.grc.com/inspectre.htm

Excellent. Just click download and run. It runs instantly without installing a bunch of nonsense. My results are sad though:

 

[DonH56]

My result's the same on my notebook, which figures since there has not been a BIOS update and historically I've had problems getting updates from them (MSI). Have to try on my desktop later. At least it says the only problem is the BIOS; SW/OS is OK.

 

[Sal1950]

Tool to check for Meltdown & Spectre vulnerability (works unlike Intel's biased tool):

Excellent. Just click download and run. It runs instantly without installing a bunch of nonsense. My results are sad though:

What gives you the confidence that this piece of software can be trusted in any way?

 

[amirm]

What gives you the confidence that this piece of software can be trusted in any way?

I trust the company (Gibson Research). They have been around forever.

But yes, there is some risk and I was worried about installing the software.

Related, there are people who are distributing malware claiming to be a patch for these bugs. So be very careful.